[trel] detect and handle socket addr discrepancy for TREL peers (openthread#10869)

This commit introduces a new mechanism for the TREL link to detect and
handle discrepancies between the IPv6 address and port used by a TREL
peer in a received TREL packet, and the information previously
reported by the platform layer (through DNS-SD discovery) for the
same peer.

Ideally, the platform underlying DNS-SD should detect changes to
advertised ports and addresses by peers. However, there are
situations where this is not detected reliably.

As a received frame over the TREL radio link is processed by the MAC
or MLE layers, if the frame passes receive security checks at either
layer (indicating it is a secure and authenticated/fresh frame from a
valid neighbor), the TREL peer socket address is automatically
updated from the received TREL packet info. This ensures the TREL
peer table is updated correctly if there are changes to TREL peer
addresses of valid Thread neighbors upon rx from such neighbor,
increasing the robustness of the TREL link.

This commit also introduces a new `otPlatTrel` platform API,
`otPlatTrelNotifyPeerSocketAddressDifference()`. The TREL
implementation now notifies the platform layer whenever it detects a
discrepancy in a TREL peer's socket address, regardless of whether
the peer table is automatically updated. This allows the platform
layer to take any appropriate action, such as restarting or
confirming DNS-SD service resolution query for the peer service
instance and/or address resolution query for its associated host
name.

This commit also adds a new test that validates the newly added
behavior, including the auto-update of peer table information and
notification of the platform through the new API, triggered by either
MLE or MAC messages over the TREL radio link.

Author: abtink

examples/apps/cli/main.c

@@ -72,6 +72,9 @@ static otError ProcessExit(void *aContext, uint8_t aArgsLength, char *aArgs[])
 
 #if OPENTHREAD_EXAMPLES_SIMULATION
 extern otError ProcessNodeIdFilter(void *aContext, uint8_t aArgsLength, char *aArgs[]);
+#if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE
+extern otError ProcessTrelTest(void *aContext, uint8_t aArgsLength, char *aArgs[]);
+#endif
 #endif
 
 static const otCliCommand kCommands[] = {
@@ -92,6 +95,9 @@ static const otCliCommand kCommands[] = {
      *     - `nodeidfilter`               :  Outputs filter mode (allow-list or deny-list) and filtered node IDs.
      */
     {"nodeidfilter", ProcessNodeIdFilter},
+#if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE
+    {"treltest", ProcessTrelTest},
+#endif
 #endif
 };
 #endif // OPENTHREAD_POSIX && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)

examples/platforms/simulation/trel.c

@@ -28,6 +28,7 @@
 
 #include "platform-simulation.h"
 
+#include <openthread/ip6.h>
 #include <openthread/random_noncrypto.h>
 #include <openthread/platform/trel.h>
 
@@ -60,6 +61,7 @@ typedef struct Message
 {
     MessageType mType;
     otSockAddr  mSockAddr;                   // Destination (when TREL_DATA_MESSAGE), or peer addr (when DNS-SD service)
+    otSockAddr  mSourceAddr;                 // Source address (used when TREL_DATA_MESSAGE)
     uint16_t    mDataLength;                 // mData length
     uint8_t     mData[TREL_MAX_PACKET_SIZE]; // TREL UDP packet (when TREL_DATA_MESSAGE), or service TXT data.
 } Message;
@@ -70,12 +72,13 @@ static Message sPendingTx[TREL_MAX_PENDING_TX];
 static utilsSocket sSocket;
 static uint16_t    sPortOffset = 0;
 static bool        sEnabled    = false;
+static otSockAddr  sSockAddr;
 
 static bool               sServiceRegistered = false;
-static uint16_t           sServicePort;
 static uint8_t            sServiceTxtLength;
 static char               sServiceTxtData[TREL_MAX_SERVICE_TXT_DATA_LEN];
 static otPlatTrelCounters sCounters;
+static uint16_t           sNotifyAddressDiffCounter = 0;
 
 #if DEBUG_LOG
 static void dumpBuffer(const void *aBuffer, uint16_t aLength)
@@ -158,15 +161,14 @@ static void sendServiceMessage(MessageType aType)
     assert(sNumPendingTx < TREL_MAX_PENDING_TX);
     message = &sPendingTx[sNumPendingTx++];
 
-    message->mType = aType;
-    memset(&message->mSockAddr, 0, sizeof(otSockAddr));
-    message->mSockAddr.mPort = sServicePort;
-    message->mDataLength     = sServiceTxtLength;
+    message->mType       = aType;
+    message->mSockAddr   = sSockAddr;
+    message->mDataLength = sServiceTxtLength;
     memcpy(message->mData, sServiceTxtData, sServiceTxtLength);
 
 #if DEBUG_LOG
     fprintf(stderr, "\r\n[trel-sim] sendServiceMessage(%s): service-port:%u, txt-len:%u\r\n",
-            aType == TREL_DNSSD_ADD_SERVICE_MESSAGE ? "add" : "remove", sServicePort, sServiceTxtLength);
+            aType == TREL_DNSSD_ADD_SERVICE_MESSAGE ? "add" : "remove", sSockAddr.mPort, sServiceTxtLength);
 #endif
 }
 
@@ -186,7 +188,8 @@ static void processMessage(otInstance *aInstance, Message *aMessage, uint16_t aL
     {
     case TREL_DATA_MESSAGE:
         otEXPECT(aMessage->mSockAddr.mPort == sSocket.mPort);
-        otPlatTrelHandleReceived(aInstance, aMessage->mData, aMessage->mDataLength);
+        otEXPECT(otIp6IsAddressEqual(&aMessage->mSockAddr.mAddress, &sSockAddr.mAddress));
+        otPlatTrelHandleReceived(aInstance, aMessage->mData, aMessage->mDataLength, &aMessage->mSourceAddr);
         break;
 
     case TREL_DNSSD_BROWSE_MESSAGE:
@@ -248,6 +251,21 @@ void otPlatTrelDisable(otInstance *aInstance)
     }
 }
 
+void otPlatTrelNotifyPeerSocketAddressDifference(otInstance       *aInstance,
+                                                 const otSockAddr *aPeerSockAddr,
+                                                 const otSockAddr *aRxSockAddr)
+{
+    OT_UNUSED_VARIABLE(aInstance);
+    OT_UNUSED_VARIABLE(aPeerSockAddr);
+    OT_UNUSED_VARIABLE(aRxSockAddr);
+
+    sNotifyAddressDiffCounter++;
+
+#if DEBUG_LOG
+    fprintf(stderr, "\r\n[trel-sim] otPlatTrelNotifyPeerSocketAddressDifference()\r\n");
+#endif
+}
+
 void otPlatTrelRegisterService(otInstance *aInstance, uint16_t aPort, const uint8_t *aTxtData, uint8_t aTxtLength)
 {
     OT_UNUSED_VARIABLE(aInstance);
@@ -260,7 +278,7 @@ void otPlatTrelRegisterService(otInstance *aInstance, uint16_t aPort, const uint
     }
 
     sServiceRegistered = true;
-    sServicePort       = aPort;
+    sSockAddr.mPort    = aPort;
     sServiceTxtLength  = aTxtLength;
     memcpy(sServiceTxtData, aTxtData, aTxtLength);
 
@@ -289,6 +307,7 @@ void otPlatTrelSend(otInstance       *aInstance,
 
     message->mType       = TREL_DATA_MESSAGE;
     message->mSockAddr   = *aDestSockAddr;
+    message->mSourceAddr = sSockAddr;
     message->mDataLength = aUdpPayloadLen;
     memcpy(message->mData, aUdpPayload, aUdpPayloadLen);
 
@@ -325,6 +344,10 @@ void platformTrelInit(uint32_t aSpeedUpFactor)
 
     utilsInitSocket(&sSocket, TREL_SIM_PORT + sPortOffset);
 
+    memset(&sSockAddr, 0, sizeof(otSockAddr));
+    sSockAddr.mAddress.mFields.m32[3] = gNodeId;
+    sSockAddr.mPort                   = sSocket.mPort;
+
     OT_UNUSED_VARIABLE(aSpeedUpFactor);
 }
 
@@ -378,14 +401,59 @@ void otPlatTrelResetCounters(otInstance *aInstance)
     memset(&sCounters, 0, sizeof(sCounters));
 }
 
+//---------------------------------------------------------------------------------------------------------------------
+// CLI `treltest` command
+
+OT_TOOL_WEAK void otCliOutputFormat(const char *aFmt, ...) { OT_UNUSED_VARIABLE(aFmt); }
+
+otError ProcessTrelTest(void *aContext, uint8_t aArgsLength, char *aArgs[])
+{
+    OT_UNUSED_VARIABLE(aContext);
+
+    otError error = OT_ERROR_NONE;
+
+    otEXPECT_ACTION(aArgsLength == 1, error = OT_ERROR_INVALID_ARGS);
+
+    if (!strcmp(aArgs[0], "sockaddr"))
+    {
+        char string[OT_IP6_SOCK_ADDR_STRING_SIZE];
+
+        otIp6SockAddrToString(&sSockAddr, string, sizeof(string));
+        otCliOutputFormat("%s\r\n", string);
+    }
+    else if (!strcmp(aArgs[0], "changesockaddr"))
+    {
+        sSockAddr.mAddress.mFields.m32[2]++;
+    }
+    else if (!strcmp(aArgs[0], "changesockport"))
+    {
+        sSockAddr.mPort++;
+    }
+    else if (!strcmp(aArgs[0], "notifyaddrcounter"))
+    {
+        otCliOutputFormat("%u\r\n", sNotifyAddressDiffCounter);
+    }
+    else
+    {
+        error = OT_ERROR_INVALID_COMMAND;
+    }
+
+exit:
+    return error;
+}
+
 //---------------------------------------------------------------------------------------------------------------------
 
 // This is added for RCP build to be built ok
-OT_TOOL_WEAK void otPlatTrelHandleReceived(otInstance *aInstance, uint8_t *aBuffer, uint16_t aLength)
+OT_TOOL_WEAK void otPlatTrelHandleReceived(otInstance       *aInstance,
+                                           uint8_t          *aBuffer,
+                                           uint16_t          aLength,
+                                           const otSockAddr *aSenderAddr)
 {
     OT_UNUSED_VARIABLE(aInstance);
     OT_UNUSED_VARIABLE(aBuffer);
     OT_UNUSED_VARIABLE(aLength);
+    OT_UNUSED_VARIABLE(aSenderAddr);
 
     assert(false);
 }
@@ -398,4 +466,22 @@ OT_TOOL_WEAK void otPlatTrelHandleDiscoveredPeerInfo(otInstance *aInstance, cons
     assert(false);
 }
 
+OT_TOOL_WEAK void otIp6SockAddrToString(const otSockAddr *aSockAddr, char *aBuffer, uint16_t aSize)
+{
+    OT_UNUSED_VARIABLE(aSockAddr);
+    OT_UNUSED_VARIABLE(aBuffer);
+    OT_UNUSED_VARIABLE(aSize);
+
+    assert(false);
+}
+
+OT_TOOL_WEAK bool otIp6IsAddressEqual(const otIp6Address *aFirst, const otIp6Address *aSecond)
+{
+    OT_UNUSED_VARIABLE(aFirst);
+    OT_UNUSED_VARIABLE(aSecond);
+
+    assert(false);
+    return false;
+}
+
 #endif // OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE

include/openthread/instance.h

@@ -52,7 +52,7 @@ extern "C" {
  *
  * @note This number versions both OpenThread platform and user APIs.
  */
-#define OPENTHREAD_API_VERSION (467)
+#define OPENTHREAD_API_VERSION (468)
 
 /**
  * @addtogroup api-instance

include/openthread/platform/trel.h

@@ -135,6 +135,23 @@ typedef struct otPlatTrelPeerInfo
  */
 extern void otPlatTrelHandleDiscoveredPeerInfo(otInstance *aInstance, const otPlatTrelPeerInfo *aInfo);
 
+/**
+ * Notifies platform that a TREL packet is received from a peer using a different socket address than the one reported
+ * earlier from `otPlatTrelHandleDiscoveredPeerInfo()`.
+ *
+ * Ideally the platform underlying DNS-SD should detect changes to advertised port and addresses by peers, however,
+ * there are situations where this is not detected reliably. This function signals to the platform layer than we
+ * received a packet from a peer with it using a different port or address. This can be used by the playroom layer to
+ * restart/confirm the DNS-SD service/address resolution for the peer service and/or take any other relevant actions.
+ *
+ * @param[in] aInstance      The OpenThread instance.
+ * @param[in] aPeerSockAddr  The address of the peer, reported from `otPlatTrelHandleDiscoveredPeerInfo()` call.
+ * @param[in] aRxSockAddr    The address of received packet from the same peer (differs from @p aPeerSockAddr).
+ */
+void otPlatTrelNotifyPeerSocketAddressDifference(otInstance       *aInstance,
+                                                 const otSockAddr *aPeerSockAddr,
+                                                 const otSockAddr *aRxSockAddr);
+
 /**
  * Registers a new service to be advertised using DNS-SD [RFC6763].
  *
@@ -181,8 +198,12 @@ void otPlatTrelSend(otInstance       *aInstance,
  * @param[in] aInstance        The OpenThread instance structure.
  * @param[in] aBuffer          A buffer containing the received UDP payload.
  * @param[in] aLength          UDP payload length (number of bytes).
+ * @param[in] aSockAddr        The sender address.
  */
-extern void otPlatTrelHandleReceived(otInstance *aInstance, uint8_t *aBuffer, uint16_t aLength);
+extern void otPlatTrelHandleReceived(otInstance       *aInstance,
+                                     uint8_t          *aBuffer,
+                                     uint16_t          aLength,
+                                     const otSockAddr *aSenderAddr);
 
 /**
  * Represents a group of TREL related counters in the platform layer.

src/core/mac/mac.cpp

@@ -2139,6 +2139,30 @@ void Mac::HandleReceivedFrame(RxFrame *aFrame, Error aError)
             break;
         }
     }
+
+#if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE
+#if OPENTHREAD_CONFIG_MULTI_RADIO
+    if (aFrame->GetRadioType() == kRadioTypeTrel)
+#endif
+    {
+        if (error == kErrorNone)
+        {
+            // If the received frame is using TREL and is successfully
+            // processed, check for any discrepancy between the socket
+            // address of the received TREL packet and the information
+            // saved in the corresponding TREL peer, and signal this to
+            // the platform layer.
+            //
+            // If the frame used link security and was successfully
+            // processed, we allow the `Peer` entry socket information
+            // to be updated directly.
+
+            Get<Trel::Link>().CheckPeerAddrOnRxSuccess(aFrame->GetSecurityEnabled()
+                                                           ? Trel::Link::kAllowPeerSockAddrUpdate
+                                                           : Trel::Link::kDisallowPeerSockAddrUpdate);
+        }
+    }
+#endif // OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE
 }
 
 void Mac::UpdateNeighborLinkInfo(Neighbor &aNeighbor, const RxFrame &aRxFrame)

src/core/radio/trel_interface.cpp

@@ -109,6 +109,16 @@ void Interface::Disable(void)
     return;
 }
 
+Interface::Peer *Interface::FindPeer(const Mac::ExtAddress &aExtAddress)
+{
+    return mPeerTable.FindMatching(aExtAddress);
+}
+
+void Interface::NotifyPeerSocketAddressDifference(const Ip6::SockAddr &aPeerSockAddr, const Ip6::SockAddr &aRxSockAddr)
+{
+    otPlatTrelNotifyPeerSocketAddressDifference(&GetInstance(), &aPeerSockAddr, &aRxSockAddr);
+}
+
 void Interface::HandleExtAddressChange(void)
 {
     VerifyOrExit(mInitialized && mEnabled);
@@ -188,7 +198,7 @@ void Interface::HandleDiscoveredPeerInfo(const Peer::Info &aInfo)
 
     if (aInfo.IsRemoved())
     {
-        entry = mPeerTable.FindMatching(extAddress);
+        entry = FindPeer(extAddress);
         VerifyOrExit(entry != nullptr);
         RemovePeerEntry(*entry);
         ExitNow();
@@ -380,25 +390,28 @@ Error Interface::Send(const Packet &aPacket, bool aIsDiscovery)
     return error;
 }
 
-extern "C" void otPlatTrelHandleReceived(otInstance *aInstance, uint8_t *aBuffer, uint16_t aLength)
+extern "C" void otPlatTrelHandleReceived(otInstance       *aInstance,
+                                         uint8_t          *aBuffer,
+                                         uint16_t          aLength,
+                                         const otSockAddr *aSenderAddress)
 {
     Instance &instance = AsCoreType(aInstance);
 
     VerifyOrExit(instance.IsInitialized());
-    instance.Get<Interface>().HandleReceived(aBuffer, aLength);
+    instance.Get<Interface>().HandleReceived(aBuffer, aLength, AsCoreType(aSenderAddress));
 
 exit:
     return;
 }
 
-void Interface::HandleReceived(uint8_t *aBuffer, uint16_t aLength)
+void Interface::HandleReceived(uint8_t *aBuffer, uint16_t aLength, const Ip6::SockAddr &aSenderAddr)
 {
     LogDebg("HandleReceived(aLength:%u)", aLength);
 
     VerifyOrExit(mInitialized && mEnabled && !mFiltered);
 
     mRxPacket.Init(aBuffer, aLength);
-    Get<Link>().ProcessReceivedPacket(mRxPacket);
+    Get<Link>().ProcessReceivedPacket(mRxPacket, aSenderAddr);
 
 exit:
     return;